I use <cflocation> and a session var. I also do this in a custom tag, so that I can
better re-use code.
The implementation at the top of the page looks like:
<cfmodule template="../../Tags/Security.cfm" SecurityAccessCode="AdminNR">
If they don't meet the requirement (based on a session var list of permissions),
they are redirected to the login page. Before redirecting I set a session var with
the url they are trying to get to, so that after logging in they are taken straight to
the page they were trying to get to in the first place.
>>> Jeff Brown <[EMAIL PROTECTED]> 05/23/02 11:07AM >>>
I am planning on adding role based page level security to my application by
adding this chunk of code to every page:
<body>
<cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3",
#session.user_role#, ",") EQ 0>
You are not authorized to view this page. <cfabort>
</cfif>
. [page content] ...
</body>
Session.user_role is set when the user logs in to the app. Is this a fairly
standard way to do it? Certain pages should not be viewable by certain
roles. Can anyone think of an instance where a user could get past this?
TIA.
v/r,
Jeff
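
The custom-tag check and post-login redirect described in the reply at the top of this thread, sketched as an added example; it is not either poster's code. The names session.permissions, session.returnURL, /login.cfm and /index.cfm are assumptions, and the session-scope locking that older ColdFusion versions required is left out.

```cfml
<!--- Security.cfm: hypothetical custom tag, called as
      <cfmodule template="../../Tags/Security.cfm" SecurityAccessCode="AdminNR">
      Assumes login stored a comma-separated list in session.permissions. --->
<cfif thisTag.executionMode EQ "start">
    <!--- No default: a call without the attribute throws instead of passing --->
    <cfparam name="attributes.SecurityAccessCode" type="string">

    <!--- Deny by default: no session list, or code not in the list --->
    <cfset allowed = false>
    <cfif structKeyExists(session, "permissions")
          AND listFindNoCase(session.permissions, attributes.SecurityAccessCode) GT 0>
        <cfset allowed = true>
    </cfif>

    <cfif NOT allowed>
        <!--- Remember the requested page. The target is built from the
              server's own script path plus the query string, not from a
              caller-supplied URL, so it stays a local path. --->
        <cfset session.returnURL = cgi.script_name>
        <cfif len(cgi.query_string)>
            <cfset session.returnURL = session.returnURL & "?" & cgi.query_string>
        </cfif>
        <!--- cflocation ends processing of the calling page, so nothing
              below the tag call is rendered for this request --->
        <cflocation url="/login.cfm" addtoken="no">
    </cfif>
</cfif>

<!--- In the login handler, after credentials are verified (hypothetical): --->
<cfset target = "/index.cfm">
<cfif structKeyExists(session, "returnURL")>
    <cfset target = session.returnURL>
    <!--- One-time use: clear it so a stale target is not reused later --->
    <cfset structDelete(session, "returnURL")>
</cfif>
<cflocation url="#target#" addtoken="no">
```

Placing the tag call as the first line of each protected template means the check runs before any page output is generated.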